HTTP resources and specifications

1990年代初めにHTTPは初めて仕様化されました。 Designed with extensibility in mind, it has seen numerous additions over the years; this lead to its specification being scattered through numerous specification documents (in the midst of experimental abandoned extensions). This page lists relevant resources about HTTP.

仕様書 表題 状態
RFC 7230 Hypertext Transfer Protocol (HTTP/1.1): Message Syntax and Routing 標準化への提唱
RFC 7231 Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content 標準化への提唱
RFC 7232 Hypertext Transfer Protocol (HTTP/1.1): Conditional Requests 標準化への提唱
RFC 7233 Hypertext Transfer Protocol (HTTP/1.1): Range Requests 標準化への提唱
RFC 7234 Hypertext Transfer Protocol (HTTP/1.1): Caching 標準化への提唱
RFC 5861 HTTP Cache-Control Extensions for Stale Content 情報の提供
RFC 8246 HTTP Immutable Responses 標準化への提唱
RFC 7235 Hypertext Transfer Protocol (HTTP/1.1): Authentication 標準化への提唱
RFC 6265 HTTP State Management Mechanism
Defines Cookies		 標準化への提唱
草稿仕様 Cookie Prefixes IETF 草稿
草稿仕様 Same-Site Cookies IETF 草稿
草稿仕様 Deprecate modification of 'secure' cookies from non-secure origins IETF 草稿
RFC 2145 Use and Interpretation of HTTP Version Numbers 情報の提供
RFC 6585 Additional HTTP Status Codes 標準化への提唱
RFC 7538 The Hypertext Transfer Protocol Status Code 308 (Permanent Redirect) 標準化への提唱
RFC 7725 An HTTP Status Code to Report Legal Obstacles 標準化過程
RFC 2397 The "data" URL scheme 標準化への提唱
RFC 3986 Uniform Resource Identifier (URI): Generic Syntax インターネット標準
RFC 5988 Web Linking
Defines the Link header		 標準化への提唱
実験的仕様 Hypertext Transfer Protocol (HTTP) Keep-Alive Header 情報の提供 (有効期限切れ)
草稿仕様 HTTP Client Hints IETF 草稿
RFC 7578 Returning Values from Forms: multipart/form-data 標準化への提唱
RFC 6266 Use of the Content-Disposition Header Field in the Hypertext Transfer Protocol (HTTP) 標準化への提唱
RFC 2183 Communicating Presentation Information in Internet Messages: The Content-Disposition Header Field
Only a subset of syntax of the Content-Disposition header can be used in the context of HTTP messages.		 標準化への提唱
RFC 7239 Forwarded HTTP Extension 標準化への提唱
RFC 6455 The WebSocket Protocol 標準化への提唱
RFC 5246 The Transport Layer Security (TLS) Protocol Version 1.2
This specification has been modified by subsequent RFCs, but these modifications have no effect on the HTTP protocol.		 標準化への提唱
草稿仕様 The Transport Layer Security (TLS) Protocol Version 1.3
Once ready, this protocol will supersede TLS 1.2.		 IETF 草稿
RFC 2817 Upgrading to TLS Within HTTP/1.1 標準化への提唱
RFC 7540 Hypertext Transfer Protocol Version 2 (HTTP/2) 標準化への提唱
RFC 7541 HPACK: Header Compression for HTTP/2 標準化過程
RFC 7838 HTTP Alternative Services 標準化過程
RFC 7301 Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension
Used to negotiate HTTP/2 at the transport to save an extra request/response round trip.		 標準化への提唱
RFC 6454 The Web Origin Concept 標準化への提唱
Fetch
CORS の定義		 Cross-Origin Resource Sharing 現行の標準
RFC 7034 HTTP Header Field X-Frame-Options 情報の提供
RFC 6797 HTTP Strict Transport Security (HSTS) 標準化への提唱
Upgrade Insecure Requests Upgrade Insecure Requests 勧告候補
Content Security Policy 1.0 Content Security Policy 1.0
CSP 1.1 and CSP 3.0 doesn't extend the HTTP standard		 廃止された
マイクロソフト文章 Specifying legacy document modes*
Defines X-UA-Compatible		 Note
RFC 5689 HTTP Extensions for Web Distributed Authoring and Versioning (WebDAV)
These extensions of the Web, as well as CardDAV and CalDAV, are out-of-scope for HTTP on the Web. Modern APIs for application are defines using the RESTful pattern nowadays.		 標準化への提唱
RFC 2324 Hyper Text Coffee Pot Control Protocol (HTCPCP/1.0) エープリルフール冗談仕様
RFC 7168 The Hyper Text Coffee Pot Control Protocol for Tea Efflux Appliances (HTCPCP-TEA) エープリルフール冗談仕様
HTML Living Standard HTML
Defines extensions of HTTP for Server-Sent Events		 現行の標準
Tracking Preference Expression DNT header 編集者草稿 / 勧告候補
Reporting API Report-To header 草稿
草稿仕様 Expect-CT Extension for HTTP IETF 草稿

 

関連トピック
  1. HTTP
  2. Guides:
  3. Resources and URIs
    1. Identifying resources on the Web
    2. Data URIs
    3. Introduction to MIME Types
    4. Complete list of MIME Types
    5. Choosing between www and non-www URLs
  4. HTTP guide
    1. Basics of HTTP
    2. Overview of HTTP
    3. Evolution of HTTP
    4. HTTP Messages
    5. A typical HTTP session
    6. Connection management in HTTP/1.x
    7. Protocol upgrade mechanism
  5. HTTP security
    1. Content Security Policy (CSP)
    2. HTTP Public Key Pinning (HPKP)
    3. HTTP Strict Transport Security (HSTS)
    4. Cookie security
    5. X-Content-Type-Options
    6. X-Frame-Options
    7. X-XSS-Protection
    8. Mozilla web security guidelines
    9. Mozilla Observatory
  6. HTTP access control (CORS)
  7. HTTP authentication
  8. HTTP caching
  9. HTTP compression
  10. HTTP conditional requests
  11. HTTP content negotiation
  12. HTTP cookies
  13. HTTP range requests
  14. HTTP redirects
  15. HTTP specifications
  16. Feature policy
  17. References:
  18. HTTP headers
    1. Accept
    2. Accept-Charset
    3. Accept-Encoding
    4. Accept-Language
    5. Accept-Ranges
    6. Access-Control-Allow-Credentials
    7. Access-Control-Allow-Headers
    8. Access-Control-Allow-Methods
    9. Access-Control-Allow-Origin
    10. Access-Control-Expose-Headers
    11. Access-Control-Max-Age
    12. Access-Control-Request-Headers
    13. Access-Control-Request-Method
    14. Age
    15. Allow
    16. Alt-Svc [翻訳する]
    17. Authorization
    18. Cache-Control
    19. Clear-Site-Data
    20. Connection
    21. Content-Disposition
    22. Content-Encoding
    23. Content-Language
    24. Content-Length
    25. Content-Location
    26. Content-Range
    27. Content-Security-Policy
    28. Content-Security-Policy-Report-Only
    29. Content-Type
    30. Cookie
    31. Cookie2
    32. DNT
    33. Date
    34. ETag
    35. Early-Data
    36. Expect
    37. Expect-CT
    38. Expires
    39. Feature-Policy
    40. Forwarded
    41. From
    42. Host
    43. If-Match
    44. If-Modified-Since
    45. If-None-Match
    46. If-Range
    47. If-Unmodified-Since
    48. 索引
    49. Keep-Alive
    50. Large-Allocation [翻訳する]
    51. Last-Modified
    52. Location
    53. Origin
    54. Pragma
    55. Proxy-Authenticate
    56. Proxy-Authorization [翻訳する]
    57. Public-Key-Pins [翻訳する]
    58. Public-Key-Pins-Report-Only [翻訳する]
    59. Range
    60. Referer
    61. Referrer-Policy
    62. Retry-After
    63. Sec-WebSocket-Accept [翻訳する]
    64. Server
    65. Server-Timing
    66. Set-Cookie
    67. Set-Cookie2
    68. SourceMap
    69. HTTP Strict Transport Security
    70. TE [翻訳する]
    71. Timing-Allow-Origin [翻訳する]
    72. Tk
    73. Trailer [翻訳する]
    74. Transfer-Encoding
    75. Upgrade-Insecure-Requests [翻訳する]
    76. User-Agent
    77. Vary
    78. Via [翻訳する]
    79. WWW-Authenticate
    80. Warning [翻訳する]
    81. X-Content-Type-Options [翻訳する]
    82. X-DNS-Prefetch-Control
    83. X-Forwarded-For
    84. X-Forwarded-Host
    85. X-Forwarded-Proto
    86. X-Frame-Options
    87. X-XSS-Protection
  19. HTTP request methods
    1. CONNECT [翻訳する]
    2. DELETE
    3. GET
    4. HEAD [翻訳する]
    5. OPTIONS
    6. PATCH [翻訳する]
    7. POST
    8. PUT [翻訳する]
    9. TRACE
  20. HTTP response status codes
    1. 100 Continue
    2. 101 Switching Protocols
    3. 200 OK
    4. 201 Created
    5. 202 Accepted
    6. 203 Non-Authoritative Information
    7. 204 No Content
    8. 205 Reset Content
    9. 206 Partial Content
    10. 300 Multiple Choices
    11. 301 Moved Permanently
    12. 302 Found
    13. 303 See Other
    14. 304 Not Modified
    15. 307 Temporary Redirect
    16. 308 Permanent Redirect
    17. 400 Bad Request
    18. 401 Unauthorized
    19. 403 Forbidden
    20. 404 Not Found
    21. 405 Method Not Allowed
    22. 406 Not Acceptable
    23. 407 Proxy Authentication Required
    24. 408 Request Timeout
    25. 409 Conflict
    26. 410 Gone
    27. 411 Length Required
    28. 412 Precondition Failed
    29. 413 Payload Too Large
    30. 414 URI Too Long
    31. 415 Unsupported Media Type
    32. 416 Range Not Satisfiable
    33. 417 Expectation Failed
    34. 418 I'm a teapot
    35. 422 Unprocessable Entity
    36. 425 Too Early
    37. 426 Upgrade Required
    38. 428 Precondition Required
    39. 429 Too Many Requests
    40. 431 Request Header Fields Too Large
    41. 451 Unavailable For Legal Reasons
    42. 500 Internal Server Error
    43. 501 Not Implemented
    44. 502 Bad Gateway
    45. 503 Service Unavailable
    46. 504 Gateway Timeout
    47. 505 HTTP Version Not Supported
    48. 511 Network Authentication Required
  21. CSP directives
    1. CSP: base-uri
    2. CSP: block-all-mixed-content
    3. CSP: child-src [翻訳する]
    4. CSP: connect-src [翻訳する]
    5. CSP: default-src
    6. CSP: font-src [翻訳する]
    7. CSP: form-action [翻訳する]
    8. CSP: frame-ancestors [翻訳する]
    9. CSP: frame-src [翻訳する]
    10. CSP: img-src [翻訳する]
    11. CSP: manifest-src [翻訳する]
    12. CSP: media-src [翻訳する]
    13. CSP: object-src [翻訳する]
    14. CSP: plugin-types [翻訳する]
    15. CSP: referrer
    16. CSP: report-uri [翻訳する]
    17. CSP: require-sri-for [翻訳する]
    18. CSP: sandbox [翻訳する]
    19. CSP: script-src
    20. CSP: style-src [翻訳する]
    21. CSP: upgrade-insecure-requests
    22. CSP: worker-src
    23. report-to
  22. CORS errors
    1. Reason: CORS disabled
    2. Reason: CORS header 'Access-Control-Allow-Origin' does not match 'xyz'
    3. Reason: CORS header 'Access-Control-Allow-Origin' missing
    4. Reason: CORS header ‘Origin’ cannot be added
    5. Reason: CORS preflight channel did not succeed
    6. Reason: CORS request did not succeed
    7. Reason: CORS request external redirect not allowed
    8. Reason: CORS request not HTTP
    9. Reason: Credential is not supported if the CORS header ‘Access-Control-Allow-Origin’ is ‘*’
    10. Reason: Did not find method in CORS header ‘Access-Control-Allow-Methods’
    11. Reason: Multiple CORS header 'Access-Control-Allow-Origin' not allowed
    12. Reason: expected ‘true’ in CORS header ‘Access-Control-Allow-Credentials’
    13. Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’
    14. Reason: invalid token ‘xyz’ in CORS header ‘Access-Control-Allow-Methods’
    15. Reason: missing token ‘xyz’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel
  23. Feature-Policy directives
    1. Feature-Policy: autoplay
    2. Feature-Policy: camera
    3. Feature-Policy: encrypted-media
    4. Feature-Policy:fullscreen
    5. Feature-Policy:geolocation
    6. Feature-Policy:microphone
    7. Feature-Policy: midi
    8. Feature-Policy: payment
    9. Feature-Policy: vr
    10. document-domain [翻訳する]